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DETAILED ACTION 

Status of the Application 

1. This is response to the "Amendment" and "Remarks" filed on November 19, 
2007. 

2. The Final Office Action mailed February 22, 2008 is hereby withdrawn. 

Claim Objections 

3. Claim 21 is objected to because of the following informalities: The term "ANSI 
C12.19" is an industry standard or a trademark, which by nature, is subject to change in 
meaning and scope. Appropriate correction is required. The Office recommends 
amending the preamble so that a more generic term is used in place of "ANSI C12.19." 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly 
pointing out and distinctly claiming the subject matter which the applicant 
regards as his invention. 

5. Claim 21 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. The term "Decade4 table parameters" in line 2 of Claim 21 
renders these claims indefinite because it appears that the parameters in the "Decade4 
table" are industrial standards, which are subject to change. The Office recommends 
amending the claims so that actual and, hence, permanent parameters are claimed. 
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Claim 13 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. Claim 13 recites "generating an access key", while the 
specification describes internally and externally generated access keys as well as 
generating an access key. Claim 13 will be interpreted herein as referring to an 
internally generated access key. 

Claims 4 and 14 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. The terms "arithmetically combines" and 
"arithmetically combining" in claims 4 and 14 are relative terms which renders the claim 
indefinite. Both terms are not defined by the claims, the specification does not provide a 
standard for ascertaining the requisite degree, and one of ordinary skill in the art would 
not be reasonably apprised of the scope of the invention. Generation of the security key 
is rendered indefinite by the use of the above terms. 

Claim Rejections - 35 USC § 103 

6. Claims 1 - 22 are rejected under U.S.C. 103(a) as being unpatentable over 
Hoffman et al, US Patent No. 5, 715, 390 in view of Matyas et al, US Patent No. 
4,91 8,728, in view of Haines, US Patent No. 5,1 07,455, and in further view of Kinter- 
Meyer, Utility/Energy Management and Control System Communication Protocol 
Requirements. 

Examiner's Note: The Examiner has pointed out particular references contained in the prior art of record 
within the body of this action for the convenience of the Applicant. Although the specified citations are 
representative of the teachings in the art and are applied to the specific limitations within the individual 
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claim, other passages and figures may apply. Applicant, in preparing the response, should consider fully 
the entire reference as potentially teaching all or part of the claimed invention, as well as the context of 
the passage as taught by the prior art or disclosed by the Examiner. 

As per claims 1, 5, 7, 13, 22: 

With regard to the limitations of a bypass component for enabling a data access 

operation by an external device without reference to security data table parameters, 
Hoffman explicitly teaches: "The upgrade command identifying the desired option or 
upgrade is programmed into the upgrade software program" (Hoffman, column 2, line 
63-65). 

The upgrade software program above sends a command identifying the desired 
option, which enables a data access operation for upgrading the meter through an 
external device (Hoffman, column 2, lines 62-64). 

With regard to the limitations of a security key generator for generating a security 
key, Hoffman explicitly teaches "an upgrade software program that reads the serial 
number from the RAM in the meter and reads the secret software key from the 
hardware key. The upgrade software program then processes the read secret software 
key and the read unique serial number of the meter with the stored authentication 
algorithm to generate at least one password" (Hoffman, column 4, lines 52-57). 

With regard to the limitations of an access key generator for generating an 
access key from the security key, Hoffman explicitly teaches: "The password is 
generated by processing a software key and a serial number of the meter with an 
authentication program by a processor external to the meter." (Hoffman, column 5, lines 
47- 50). 
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"The described authentication algorithm returns a 4 byte authentication password" 
(Hoffman, column 4, lines 7- 12). 

With regard to the limitation of generating a security key. Hoffman teaches, (see 
at least, Hoffman column 4, lines 52-57); 

With regard to the limitation of generating an access key from the security key 
(see at least Hoffman, column 5, lines 47- 50); 

With regard to the limitation of enabling a data access operation to occur without 
reference to security access tables (see at least Hoffman, column 2, line 63-65). 

With regard to without reference to Decade4 table parameters, Hoffman teaches 
a system in terms of security features, it does not explicitly describe a system to bypass 
security. Maytas however teaches; "Protection From Non-System Generated Keys. The 
method for coupling the control vector and key is such that CV checking is unable to 
detect a system generated key (via KGEN or GKS) from a non-system generated key. 
For this reason, a "back-door" method exists within the architecture for generating a 
keys and control vectors. It consists of defining a control vector "of choice" and a 
random number which is then represented as a key encrypted in the manner described 
under the architecture using the selected control vector. The so-called "back-door" 
method of key generation is primarily an annoyance, although in some cases 
cryptographic attacks would be possible if additional measures of defense were not 
taken in the architecture" (Matyas, column 15, lines 18-27 and 31-34). 

The Deacde4 table parameters are the security limiting tables, which are part of 
the ANSI C12.19 standard where access permissions are used to limit table read or 
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write access, although the exact means for granting access are not defined by the 
standard. The present invention involves a back-door or bypass method that goes 
around the ANSI C12.19 security features. Back-door or bypass security methods are 
well known in the art as exemplified by Maytas, which in this case, control vector 
checking is unable to detect a system generated key from a non-system generated key, 
much like what is being done in the current application. In light of Maytas, it would have 
been obvious to one of ordinary skill in the art at the time of the invention to incorporate 
such a bypass of security features since this allows for meter calibration and upgrade 
that would otherwise be denied access. 

Hoffman/Maytas teach the limitations as shown above. Hoffman/Maytas do not 
directly disclose the following limitations but Haines does: 

a security component for determining whether an externally generated access 
key is the same as an internally generated access key, 

comparing the generated access key to an externally generated access key 

an access key generator configured to receive the security key and generate an 
internal access key 

an access key comparator for comparing the access key generated by the 
access key generator to an access key received from an external device 
receiving a request for a security key (data center) 

Haines teaches: "The meter is reconfigured by first putting the meter into a I/O 
configuration mode by suitable entries from the keyboard. In this mode, the meter is 
inhibited from printing postage. The meter has a storage register for a current or old I/O 
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configuration number (IOCN). A desired new IOCN is entered via keyboard entry. The 
meter software generates an encrypted I/O configuration request code that is partially 
based on the value of the new IOCN. The I/O configuration request code is 
communicated to a data center computer along with other validating identification 
information. The data center computer checks the code by computing the I/O 
configuration request code using the same algorithm. If the two values agree, the data 
center computer generates an encrypted I/O configuration enable code that is partially 
based on the meter serial number. This is communicated to the meter, which receives 
the computer generated I/O configuration enable code and also generates an internal 
I/O configuration enable code using the same encryption algorithm as the data center 
computer. If the I/O configuration enable codes agree, the meter overwrites the old 
IOCN with the new IOCN in permanent storage. The external devices in communication 
with the meter may then read the IOCN and implement the feature set represented by 
the IOCN." (Haines, column 1, lines 67-68 and 2 lines 1-24). It would have been 
obvious to one of ordinary skill in the art at the time of the invention to modify 
Hoffman/Maytas with the internally generated code of Haines to enhance security to 
prevent unauthorized data access operations. 

As per claim 2: 

With regard to the limitations of a security component further comprising: a 
security key generator for generating a security key, Hoffman explicitly teaches "an 
upgrade software program that reads the serial number from the RAM in the meter and 
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reads the secret software key from the hardware key. The upgrade software program 
then processes the read secret software key and the read unique serial number of the 
meter with the stored authentication algorithm to generate at least one password" 
(Hoffman, column 4, lines 52-57). 

The password generated above by the upgrade software program is equivalent 
to the "security key generator" to one skilled in the art at the time of the invention. 

As per claim 3: 

With regard to the limitations of the security key generator generates the security 
key from variable data and data associated with the meter, Hoffman explicitly teaches: 
"The upgrade software program reads the serial number from the RAM in the meter and 
reads the secret software key from the hardware key. The upgrade software program 
then processes the read secret software key and the read unique serial number of the 
meter with the stored authentication algorithm to generate at least one password" 
(Hoffman, column 2, lines 52-57). 

"More specifically, the software key is a counter, which is decremented each time 
an upgrade is downloaded to a meter, so that only the number of upgrades purchased 
can be enabled. The hardware key is a storage medium for the software key described 
above" (Hoffman, column 1, lines 41-46). 

The password generated above consists of data associated with the meter, the 
meter's serial number and the software key being a counter, constitutes variable data. 
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As per claim 4: 

With regard to the limitations of the security key generator arithmetically 
combines the variable data and the data associated with the meter to generate the 
security key, Hoffman explicitly teaches: 

"The upgrade software program that reads the serial number from the RAM in 
the meter and reads the secret software key from the hardware key. The upgrade 
software program then processes the read secret software key and the read unique 
serial number of the meter with the stored authentication algorithm to generate at least 
one password" (Hoffman, column 2, lines 52-57). 

"The following described authentication algorithm accepts: 

(1) the sixteen byte secret and protected keying variable; 

(2) the sixteen byte meter serial number; and 

(3) the one byte option code; 

and returns a 4 byte authentication password." 

"In accordance with the authentication algorithm of the present invention, an 
array of 33 bytes, B(i,j), is defined where i, 1 □ I □ 33, is the byte number and, j, 0 □ j □ 
7, specifies the bits within byte i. The least significant bit (LSB) is specified by j=0; and 
the most significant bit (MSB) is specified by j=7" (Hoffman, column 5, lines 7- 18). 

The references above show arithmetically combining variable data, the software 
key and the data associated with the meter, the meter's serial number, through the use 
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of the authentication algorithm, which is equivalent to the "security key" to one skilled in 
the art at the time of the invention. 



As per claim 6: 

With regard to the limitations of the access key generator augments the security 
key before generating the access key, Hoffman explicitly teaches: "The 4 byte password 
resulting from the cycling of initialized array B (FIG. 3), as described above, is shown in 
FIG. 4. A 4 byte password resulting from the cycling of initialized array B (FIG. 3), with 
the exception of the option byte being set to the value 2 instead of 1, is shown in FIG. 5. 
It will be appreciated that the change in the option status has resulted in a significant 
change in the password. This is also the case for a small change in the serial number or 
the key." (Hoffman, column 5, lines 65-68 and column 6, lines 3-6). 

The references above clearly shows that the authentication algorithm has 
augmented the security of the system, since any small change in the input to the 
algorithm results in a significant change in the resulting password. 



As per claim 8: 

With regard to the limitations of a data access monitor for monitoring data access 
operations performed by the external device and resetting the access key comparator in 
response to a data access being performed by the external device. Hoffman explicitly 
teaches: "In accordance with the present invention, ROM includes codes for 
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implementing one or more stored options or upgrades. It will be appreciated that these 
options or upgrades are stored in the meter at the factory and can be utilized only when 
purchased and enabled as described herein. Each meter has a unique serial number 
stored in RAM. In the present example, the serial number is 16 bytes long and includes 
bit-flags (i.e., an option byte) indicating which options have already been enabled. Each 
option which is not enabled must be requested and a password verified before it can be 
utilized. It is an important feature of the present invention that the password be based 
on the serial number, so that the same password cannot simply be recorded and played 
back to another meter. Further, the password cannot be used to upgrade more than the 
option(s) selected (and purchased) " (Hoffman, column 2 lines 16-29). 

"The upgrade command initiates the ROM codes for implementing one or more 
stored options or upgrades in step 81 . The upgrade command identifying the desired 
option or upgrade is programmed into the upgrade software program." (Hoffman, 
column 4, lines 61-65). 

"After 330 cycles, the contents of bytes B30, B31 , B32, and B33 are defined to 
be the password corresponding to the specific key, meter serial number, and option. 
The authentication algorithm being known will not in of itself allow recovery of the secret 
key. Further, if a single bit is changed in the serial number, the option byte, or the key, 
then the authentication password will change in a difficult to predict fashion" (Hoffman, 
column 5, lines 46-54). 
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"It will be appreciated that the change in the option status has resulted in a 
significant change in the password. This is also the case for a small change in the serial 
number or the key" (Hoffman, column 6, lines 3-6). 

It is clear from the references above that the upgrade command and the counter 
function as a data access monitor since each option which is not enabled must be 
requested and a password verified before it can be utilized. The authentication 
algorithm referenced above functions as the reset mechanism since it prevents further 
upgrades through a significant change in the password should any small change occur 
in the option status, key, or serial number of the meter. A change in this externally 
generated password would not match the meter's internally generated password 
preventing further data access to the meter, functioning as reset of the access key 
comparator of the current invention. 

As per claim 9: 

With regard to the limitations of a unlock timer for timing an interval 
corresponding to a data access operation and for resetting the access key comparator 
in response to a data access being performed by the external device. Hoffman explicitly 
teaches: "The counter is decremented each time an upgrade is downloaded to a meter, 
so that only the number of upgrades purchased can be enabled" (Hoffman, column 4, 
lines 65-67). 
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The counter above functions as an unlock tinner providing limited data access for 
a period based on the number of upgrades purchased that can be enabled. As 
mentioned above, the authentication algorithm functions as the reset mechanism since 
it prevents further upgrades through a significant change in the password should any 
small change occur in the option status, key, or serial number of the meter. 

As per claim 10: 

With regard to the limitations of the bypass component enables a single data 
access operation by the external device. Hoffman explicitly teaches: "The upgrade 
command identifying the desired option or upgrade is programmed into the upgrade 
software program" (Hoffman, column 2, line 62-64). 

"The password is generated by processing a software key and a serial number of 
the meter with an authentication program by a processor external to the meter" 
(Hoffman, column 4, lines 47-50). 

The upgrade software program above sends a command identifying the desired 
option, which enables a data access operation for upgrading the meter through an 
external device (Hoffman, column 2, lines 62-64). 

"The counter is decremented each time an upgrade is downloaded to a meter, so 
that only the number of upgrades purchased can be enabled" (Hoffman, column 4, lines 
65-67). 
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It should be clear from the above references, that the counter above functions as 
an unlock timer providing limited data access for a period based on the number of 
upgrades purchased that can be enabled and that upgrading is done through an 
external device. 

As per claim 11: 

• With regard to the limitations of the security component and bypass component 
are implemented by a procedure. Hoffman explicitly teaches: "The upgrade 
command identifying the desired option or upgrade is programmed into the 
upgrade software program" (Hoffman, column 4, line 63-65). 

o The security component and the upgrade software program are equivalent 
per Claim 2's rejection and it is well known in the art that software 
programs contain and are developed through the use of procedures, 
o The bypass component and the upgrade software program are equivalent 
per Claim 1's rejection and it is well known in the art that software 
programs contain and are developed through the use of procedures. 

As per claim 12: 

With regard to the limitations of the procedure is a computer program executed 
by a processor in the utility meter. Hoffman explicitly teaches: "The password along 
with an upgrade command are presented to the meter where they are compared to the 
read-protected passwords in the RAM of the meter, and, if there is a match, then the 
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upgrade command initiates the ROM codes for implementing one or more stored 
options or upgrades (Hoffman, column 4, lines 57-63). 

The comparison of passwords is obviously done, to someone skilled in the art, by 
the meter's internal processor and the processor also responds thereafter to the 
upgrade command. 

As per claim 14: 

With regard to the limitation of arithmetically combining variable data with data 
associated with a utility meter to generate the security key (see at least Hoffman, 
column 2, lines 52-57). 

As per claim 15: 

With regard to the limitation of augmenting the security key before generating the 
access key (Hoffman, column 5, lines 65-68 and column 6, lines 3-6). 

As per claim 16: 

With regard to the limitation of Monitoring for a data access operation by an 
external device in response to the comparison of the access keys being the same 
(Hoffman, column 2 lines 16-29). 



As per claim 17: 
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With regard to the limitation of timing a data access interval (see at least 
Hoffman, column 4, lines 65-67); 

With regard to the limitation of resuming security processing with reference to 
security tables in response to the data access interval time expiring (see at least 
Hoffman, column 4, lines 65-67). 

As per claim 18: 

With regard to the limitations of generating the access key with an encryption 
function, Hoffman explicitly teaches: "After 330 cycles, the contents of bytes B30, B31, 
B32, and B33 are defined to be the password corresponding to the specific key, meter 
serial number, and option. The authentication algorithm being known will not in of itself 
allow recovery of the secret key. Further, if a single bit is changed in the serial number, 
the option byte, or the key, then the authentication password will change in a difficult to 
predict fashion" (Hoffman, column 5, lines 47-54). 

The authentication algorithm being known does not in and of itself allow recovery 
of the secret key, is indicative of and the result of, to on skilled in the art, to an 
encryption function. 

As per claim 19: 

With regard to the limitations of generating the access key with a hashing 
function. Hoffman explicitly teaches: It will be appreciated that the change in the option 
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status has resulted in a significant change in the password. This is also the case for a 
small change in the serial number or the key." (Hoffman, column 6, lines 3-6). 

This result is indicative of and the result of, to one skilled in the art, to a hashing 
function, where the fundamental property of all hash functions is that if two hashes, 
according to the same function, are different, then the two inputs are different in some 
way. 

As per claim 20: 

With regard to the limitation of performing a data access operation without 
reference to the security tables (see at least Hoffman, column 2, line 63-65). 

As per claim 21: 

With regard to the limitation of the standard meter industry data structures are 
ANSI C 12.19 data structures and the security data table parameters are Decade4 table 
parameters, Hoffman teaches the limitations as shown above. Hoffman does not 
specifically disclose ANSI C 12.19, but Kinter-Meyer does (see pages 92, 162). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Hoffman with the ANSI C 12.19 standard of Kinter-Meyer since 
moving toward standardization of utility meters benefits the utility industry with standard 
interfaces and lowers meter costs. 

Response to Arguments 
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Applicant's arguments with respect to claims 1-22 have been considered but are moot 
in view of the new grounds of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Thomas West whose telephone number is 571-270- 
1236. The examiner can normally be reached on M-R 7:30am - 5pm EST, ALT Fridays 
off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Fischer can be reached on 571-272-6779. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 



Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
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Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Thomas West 
Patent Examiner 
Art Unit 3621 
May 20, 2008 



/ANDREW J. FISCHER/ 

Supervisory Patent Examiner, Art Unit 3621 



